What is Phishing?

Phishing is the act of fooling a computer user into submitting personal information by creating a counterfeit website that looks like a real (and trusted) site. It is a hacker technique of “fishing” for passwords and other secret financial info. According to WordSpy.com, the word was invented by computer hackers in the late 1990s, and it plays off the common hacker wordplay of changing the letter “f” to “ph”, which was seen as early as the seventies with “phone phreaks.”

Published by the Federal Trade Commission, "OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect your personal information." The phishing section starts out with helpful tips, but the best clicks are the anti-phishing games and videos listed in the right-hand column.

Developed in 2006 by security consultants Drs. Sukamol Srikwan and Markus Jakobsson, the Security Cartoon strip covers lots of cybersafety topics, but mostly focuses on anti-phishing education, or, as they put it: "Oops.. I clicked!" You'll find the various keyword tags (spoofing, malware, pharming, phishing) listed at the bottom of the page, but since they are all related to today's topic, I have sent you to the front page of the site. The cartoons are licensed under Creative Commons Attribution-Noncommercial-No Derivative Works, which means students and teachers can use the cartoons in homework (or on non-commercial websites) along with attribution and a link back to this site.

Snopes is my go-to site for checking out those annoying forwarded emails that get passed from one naive Internet newbie to the next. 99% of the time, Snopes tells me the emailed story is simply not true. Snopes.com also has a phishing section, which lists many common phishing attempts, sorted by spoofed institution, such as eBay, Facebook and iTunes. But remember: the fact that your particular suspicious email is not listed here does not mean that it is an authentic message from a trusted organization.

Developed by Carnegie Mellon, Anti-Phishing Phil is now a commercial product available for corporate licensing from Wombat Security. Lucky for us, however, a free demo game is available. You play as Phil, a young fish learning how to find worms to eat and avoid danger, and you are taught by Phish Guru. As you approach a worm, hover over it to reveal its attached URL. Eat the worm, or discard it, depending on whether the URL is legitimate or not. At any time, Phish Guru is available to show you how to discern the difference between bona fide URLs and spoofed sites.